webrequest

Pulkit Gulati

What are Content-type and Accept Headers

I’ve often felt confused with the difference between the Content-type and Accept Headers that are passed along with a request to an API. I’ve used a fake Json REST API called JsonPlaceHolder to show the Json request and response with a Post request.

Accept Header tells the API that it is expecting the response in the specified media type e.g. application/json or application/xml.
Accept: application/json

And Content-Type tells the API about the media type of the request being sent in the request body e.g. application/json.
Content-Type: application/json

Both headers are sent along with the call to the API from the Client. Below I’m using the Postman Client to test the scenario for json request.
For the scenario, to test the response in XML format, the API should support the format provided in the Accept Header.

The 2nd image above shows the Json body being passed in the Post request for Creating the resource.

For a standard HTML Post request, the Content-Type Header will be one of the Standard types:

  1. application/x-www-form-urlencoded for simple ASCII text
  2. multipart/form-data for file upload support or non-ASCII text
Advertisement
Pulkit Gulati

TLS version handling with http web request CSharp

Since you’re reading this, probably your C# code broke the connection to the website or a third-party API you’re hitting using the HttpWebRequest. The below code shows one such scenario where my application code broke which is running in .net framework 4.0. The company running the API upgraded their security with the TLS version upgrade to 1.2.

The exception that you’re seeing as below while trying to call GetResponse():

The request was aborted: Could not create SSL/TLS secure channel.

Uri url = new Uri(Link);
HttpWebRequest http = (HttpWebRequest)WebRequest.Create(url.ToString());
HttpWebResponse resp = (HttpWebResponse)http.GetResponse();
returnValue = Convert.ToInt32(resp.StatusCode);

HTTPS relies on a family of lower level security protocol implementations called transport level security (TLS), each using different cryptographic algorithms. Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems. Anything that is using TLS standard below TLS 1.2 is considered to be non secure because these older encryption algorithms have been cracked at some point. The TLS standards keep evolving and TLS 1.3 is in the works.

Each .net framework supports TLS version 1.2 in the following ways:

  • .Net 4.5 and above: Add the below line of code before making the web request in your code. Some blogs say .Net 4.6 and above support it by default and no code changes are required but as I tried it myself, it doesn’t work.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
  • .Net 4.0: This framework does not support the enumeration as in the latest frameworks, the below line of code helps achieve that:
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

Older frameworks do no support the latest TLS version, so it’s better to upgrade your application. Also, as a good security practice do not use the fallback code as shown below:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

Another good point to consider upgrading your application is to check if Microsoft still supports the .Net framework you’re using.

Show some love for the pit in my PayPal account.